I am seeing invalid (spam) messages in the outgoing message queue. This probably caused by a compromised pc on the network. How can I determine the origin, mac or ip address, of these messages?

SMTP logs in your webroot folder should point you in the right direction. Also a full virus scan of all pc's is a good idea.

SMTP log in webroot folder? I am not certain to what you are referring. I have turned on Maximum logging and the results are posted in the Event Viewer Application Logs, but do not point to the origin of the messages.Also I neglected to post that this is on a MS Small Business Server 2003. Thanks in advance for your suggestions.

There are two different levels of logging, while your exchange smtp virtual server logging may be set to verbose its not going to list every connection. This tutorial should help you find the 'other' type of logging :-) http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html